FIG. 4 



FIG. 5 




SECRET-KEY (Kb)\ 
SESSION-KEY (Sab)/ 




MN 



FIRST 
PACKET 



HA FIRST CN 
PACKET 



S2 



7 




ASllTGSl 



KDC 



L 



S4 



PACKET 
AUTHENTICATION 



© 



S6 



INITIAL AUTHENTICATION 
AND TICKETING 



YES 



ESTABLISHMENT OF SESSION KEY Scn/mn 



CD- 



BINDING 
UPDATE 



t: 



S7 



SA ESTABLISHMENT p S8 



I 



S9 



4 



FIG. 8 



SECURITY 
PARAMETER 
INDEX 


SECURITY 
PROTOCAL 
INDENTIFIER 


IP 

DESTINATION 
ADDRESS 


a ■ a 


IP 

DESTINATION 
HOME 
ADDRESS 


FIRST 
PACKET 
DISTINGUISH 
FLAG 



























FIG. 9 




CN MN 



4 



^Kcn' 



140 



FIG. 6 



CN 



ENTER USERNAME 



S6-1 



KRB_AS_REQ f S6 ~ 2 
1 ». 



KDC 



S6-3 



CREATE A "S cn " AND Ten" 
AND ENCRYPT 



KRB_AS_REP: Ken { S cn , T cn } 



DECRYPT WITH Ken 
=>"Scn ","Tcn" 



T 



S6-4 



■S6-5 



FIG. 7 



135 



Kmn" 




C 



145 



MN 



HA 




S7-1 KDC 
\ Tcn'/mn" 



S7-2 



AUTHENTICATE "cn" 
USING "Ten" 



S7-3 



I 



CREATES "Scn/mn", "Smn" 
AND "Tmn" 



Ken { Scn/mn , Kmn {Scn/mn.Tmn.Smn }} 



Kmn { Scn/mn, Tmn, Smn ) 



DECRYPT 
=!> "Scn/mn" "Tmn" 
"Smn" 



S7-6 



7 



DECRYPTS "Scn/mn" 

C 



-S7-5 



S7-4 



S7-7 




FIG. 11 




